Vaultwarden commit introduces SSO using OpenID Connect

Just moved all my #git repos from #GitHub to my own #Forgejo instance.
I did a complete setup with #sso (single sign-on) using #KeyCloak and with an in-docker runner.
Up until this morning I was going to install GitLab, but I was persuaded by its being presented as lightweight, fully self-hostable, 100% open and with federation features on the way.
Looking forward to trying some federation stuff.
https://git.skorpil.cz/explore/repos
A couple of questions for #unix gurus.
With the Windows 10 EOL crisis, we are likely going to be switching most of our lab computers over to unix. We have been testing #Ubuntu 24.04 LTS. It seems to meet most of our requirements nicely, but I have two needs I have not solved yet:
1. I am looking for some sort of #SSO system where I can control all of the logins and group permissions centrally for the lab. I don't want people to have to maintain passwords across two dozen computers. I do not need the whole complexity of centralized group policies and the like. I just need SSO.
2. I am looking for a reliable #AntiVirus system. I know that people say unix doesn't need it, but I just don't believe that.
Important keys are (1) most of my personnel are not computer-savvy unix gurus, and (2) I do not have the time to be a full-time sysadmin for two dozen computers, so the "we can hack this together with enough effort" solutions that I used when I was a (unix-savvy) graduate student myself are not acceptable here. I need a more business-friendly system.
Cost matters, but I'm willing to pay for the right thing. So I am interested in both freeware and paid solutions.
Thanks for any suggestions.
PS. PLEASE do not respond to this with rants about freeware vs corporate, or the qualities of unix vs Windows. Those are debates for another time and another place. thx
The #linux #entra #sso #webextension also works on Mozilla #thunderbird. By that, IMAP, SMTP and #ews can be accessed with device trust. The install steps are basically the same as on #Firefox
Setting up a sector-wide #PeerTube pilot instance on behalf of Dutch higher ed & research using #SSO via #SAML, so no local usernames/passwords…
Anyone with experience uploading videos using the #REST #API for system integration purposes? No classic #OAuth flow here… or is it possible?!
#Framasoft #Fediverse #OpenSource #Education #Science #askfedi
@TorbenMau @pikarl @gwdg @zesspress
"A note: to my knowledge, the @gwdg provides all staff AND students of all Lower Saxony universities with a Mastodon account via #SSO."
Recommended article and thread summary by @pikarl on the topic of universities in the #Fediverse and especially #mastodon #FediLZ #FediCampus. A note: to my knowledge, the @gwdg provides all staff AND students of all Lower Saxony universities with a Mastodon account via #SSO. So there is a lot of potential for #NDSedu! In cooperation with @zesspress I therefore want to bring the Fediverse closer to students in the coming semester. https://reporter.social/@pikarl/114895547755049953
Over the weekend I managed to connect all my self-hosted services that support it to the #Keycloak #SSO (single sign-on).
Namely #Mastodon #Peertube #NextCloud #FreshRSS #Matomo and #grafana
Why bother with such a complication for apps serving only a couple of users?
First, it's quite easy nowadays.
And second, because I want to get rid of passwords and just use #passkeys.
This is one of many examples showing that good apps should just focus on one task and just use standards to cooperate with other apps focusing on other tasks.
Peertube, for example, focuses on videos, not user management. I am quite OK that they don't support passkeys, because they implemented the OpenID Connect standard to allow me to use Keycloak for better login options.
On the other hand, I am quite sad that SSO is often the one feature that is proprietary and reserved only for paying customers. SSO is not for huge corporations anymore. It's also useful for us, self-hosters with a couple of users.
#Microsoft #SSO: ten times PER application, every morning, at random times over the day. NEVER just a single sign on.
Customer loves to waste money....
Is there a term for the class of "credential storage confusion" #security issues, where the user accidentally saves a password or passkey in a vault they don't actively use (browser, #SSO IdP, #passwordManager, OS)?
One thing that made me think of this is having to go through a separate step (like "use a different device") on Android to avoid enrolling the phone as a passkey.
I can see how users spread active credentials across multiple services which seems like a massive #infosec issue to me...
I’m speaking at #KeyConf25 this August in Amsterdam!
My talk will dive into Token Exchange in real-world Keycloak setups — advanced patterns, pitfalls, and practical tips.
Grab your ticket: https://keyconf.dev
#Keycloak #OAuth2 #OIDC #IAM #SSO #OpenSource
#CyMaIS now supports #moodle with #SSO via #OIDC.
Implemented via https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/docker-moodle
You can register and check out the demo here:
https://academy.cymais.cloud/
CC: @moodle @dag_moodle
In the meantime, by the way, I've had time to play around with the Keycloak auditor kcwarden by @hacksilon and his colleague. A great tool for checking where the often very lax default settings should be tightened!
Repo: https://github.com/iteratec/kcwarden
Talk: https://www.youtube.com/watch?v=PRvHLx5oCj4
(And afterwards, please test whether everything still works, especially with the redirect URIs.)
Hey #pocketid users!
I submitted 2 feature requests on GitHub for Pocket-ID. Feel free to upvote them if you find them useful :-)
Feature: Approximate Location Recognizes Local IPv6 as LAN, Internal Network
https://github.com/pocket-id/pocket-id/issues/634
Feature: Global Audit Log Adds a Local Traffic Filter
https://github.com/pocket-id/pocket-id/issues/635
Thanks
What does Single Sign-On (SSO) actually mean?
Learn more: https://opentalk.eu/de/glossar/single-sign-sso
True story,
- Log into browser with IdP
- Get logged out of IdP
- Log back into IdP
- Click something in the browser's popover and now your browser has a passkey to the IdP
- Get logged out of browser and IdP
- Get locked out because you need to log into the browser to log into the IdP to log into the browser to log into the IdP to...
How can this failure mode exist?
Where do we even start to communicate this to users in a good way?
/rant
I love #PocketID, a lightweight #selfhosted #OIDC using only #Passkey.
After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.
#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO
https://www.lucasjanin.com/2025/06/02/pocket-id-bare-metal-installation-on-debian
After using #PocketID for several months with an LXC installation via the Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM is more secure than an LXC. This article will guide you through installing PocketID as a non-root service on Debian. An upgrade script is also included.
#Proxmox #debian #selfhosted #selfhosting #homelab #OIDC #openID #passkey #passkeys #SSO
https://www.lucasjanin.com/2025/06/02/pocket-id-installation-bare-metal-sur-debian/
It's enough to make you tear your hair out. Recently TikTok was penalized, among other reasons, because they host on servers that they can access from China; because the level of data protection does not match that of the EU and this cannot be put on a secure footing contractually ("standard contractual clauses") either.
Now I have once again taken this as an occasion to point out to my superiors that, given the situation between the #EU and the #USA, it may not be a good idea to rely on #AWS #Cloud for our #SSO and #IAM (for us and for customers), and that we should perhaps at least develop a backup plan, e.g. at #Hetzner.
One hopes that everything will work out and, because the corporate group relies on it and a lot has been invested, continues to rely exclusively on AWS.